The released Windows 0.9.0 binaries are vulnerable, so Wladimir just sent an alert message urging everybody running 0.9.0 to upgrade.
But apparently only few developers actually do that and bitcoin core devels don't seem to be on that list... at last as far as I had checked this code.
So, shame on you too!
Check again; see the use of CKeyingMaterial/CPrivKey which uses a secure_allocator (which asks the operating system not to swap the memory to disk, and which zeros memory on free). If I recall correctly, the RPC importprivkey should be the only place where the normal memory allocator is used (the keys exist as ordinary hex strings in memory before they are processed by the importprivkey code).So, shame on you too!
Careful review (and testing and patches) is always welcome, of course. You shouldn't trust my famously faulty memory.